Bug
Resolution: Done
Highest
Oxygen, Fluorine
Operating System: All
Platform: All
7545
On the tenant network, Netvirt supports ping to the router interface address using OVS flows.
This is achieved by programming the necessary flows [1] in Table21 (FIB_TABLE) to auto-respond to ping.
However, when using "Stateful SG mode", this feature is broken and the ACL service is dropping [2] the packets in Table252.
This feature works fine in "SG transparent mode", when port-security is disabled on the port (obviously, isn't it?), and when we explicitly add an ACL ingress rule to allow this traffic.
[1] table=21, n_packets=6, n_bytes=588, priority=42,icmp,metadata=0x222e0/0xfffffffe,nw_dst=10.0.0.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],set_field:fa:16:3e:87:0b:fc->eth_src,move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],set_field:10.0.0.1->ip_src,set_field:0->icmp_type,load:0->NXM_OF_IN_PORT[],resubmit(,21)
[2] table=252, n_packets=78, n_bytes=7644, priority=50,ct_state=+new+trk actions=drop
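
A triage helper for this symptom, added here as an example and not part of the original report or of Netvirt: it parses dump-flows text and flags the combination described above, an in-switch ICMP echo responder together with a ct_state=+new drop flow whose counter is non-zero. The function names and the heuristic are assumptions; a non-zero drop counter alone does not prove that the dropped packets are the echo replies.

```python
import re

# The two flows quoted in the report ([1] and [2]), in dump-flows syntax.
SAMPLE_FLOWS = [
    "table=21, n_packets=6, n_bytes=588, priority=42,icmp,metadata=0x222e0/0xfffffffe,"
    "nw_dst=10.0.0.1,icmp_type=8,icmp_code=0 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],"
    "set_field:fa:16:3e:87:0b:fc->eth_src,move:NXM_OF_IP_SRC[]->NXM_OF_IP_DST[],"
    "set_field:10.0.0.1->ip_src,set_field:0->icmp_type,load:0->NXM_OF_IN_PORT[],resubmit(,21)",
    "table=252, n_packets=78, n_bytes=7644, priority=50,ct_state=+new+trk actions=drop",
]
# Bookkeeping fields that are not part of the match.
STATS = ("cookie", "duration", "n_bytes", "idle_age", "hard_age")

def parse_flow(line):
    """Split one dump-flows line into table, counters, match fields and actions."""
    head, _, actions = line.strip().partition(" actions=")
    fields = {}
    for token in re.split(r",\s*", head):
        key, sep, value = token.partition("=")
        fields[key] = value if sep else ""  # bare tokens such as "icmp" carry no value
    for key in STATS:
        fields.pop(key, None)
    return {
        "table": int(fields.pop("table")),
        "n_packets": int(fields.pop("n_packets")),
        "priority": int(fields.pop("priority", 32768)),  # OVS default when not printed
        "match": fields,
        "actions": actions,
    }

def triage(lines):
    """Heuristic: echo responder present and a ct_state=+new drop flow is being hit."""
    flows = [parse_flow(l) for l in lines if " actions=" in l]
    # Responder: matches echo request (type 8) and rewrites it to echo reply (type 0).
    responders = [f for f in flows if f["match"].get("icmp_type") == "8"
                  and "set_field:0->icmp_type" in f["actions"]]
    # ACL drop: untracked-as-established traffic discarded, with packets counted.
    drops = [f for f in flows if "+new" in f["match"].get("ct_state", "")
             and f["actions"] == "drop" and f["n_packets"] > 0]
    return {
        "responder_ips": sorted(f["match"].get("nw_dst", "?") for f in responders),
        "drops": [(f["table"], f["n_packets"]) for f in drops],
        "suspect": bool(responders and drops),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_FLOWS))
```

Comparing the drops counters from two runs taken before and after a ping to the router address shows whether the Table252 drop flow is the one consuming the replies.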